47dc0ae6efa5db2514b3b6db4abf3edd3d74c1a293abef494b6f3840332ba589

Sharing

Copy URL Twitter E-mail

General

Target

47dc0ae6efa5db2514b3b6db4abf3edd3d74c1a293abef494b6f3840332ba589
Size

669KB
MD5

19a41aff72f8ed8213f5a3f9ef529913
SHA1

7d74c9fff6a93aace3c78944e53d6fae76d1f97a
SHA256

47dc0ae6efa5db2514b3b6db4abf3edd3d74c1a293abef494b6f3840332ba589
SHA512

6d39c3d320d20ee252e8ed1401acbb4fb88c78938f5d70341f7c379b95178fc858ec1a92f837d94447808cde0c2b0fa8218308a72e79d1a6dde08e00fc449cd3
SSDEEP

12288:hEP0LtRwO4yKnaBSfgVIeNwZUA6wLZJcygN5RDgPLNl6US2D8C4g:DLtaODKnVoVIeNwZUAVcVGLCUS2Q

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

47dc0ae6efa5db2514b3b6db4abf3edd3d74c1a293abef494b6f3840332ba589
.exe windows x86

265e7c6982658101461e221b9686fb01

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCPInfo
GetOEMCP
FileTimeToSystemTime
GetModuleHandleW
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesA
GetFileSizeEx
GetFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapFree
RtlUnwind
RaiseException
HeapReAlloc
VirtualProtect
VirtualAlloc
VirtualQuery
HeapSize
GetACP
IsValidCodePage
GetFullPathNameA
LCMapStringW
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
VirtualFree
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
DeviceIoControl
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
FormatMessageA
LocalFree
MulDiv
InterlockedDecrement
GetModuleFileNameW
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
GlobalAddAtomA
SetLastError
GlobalUnlock
FreeResource
GlobalFree
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
CompareStringA
InterlockedExchange
GlobalLock
GlobalAlloc
GetModuleHandleA
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetSystemInfo
CreateIoCompletionPort
QueryPerformanceCounter
OutputDebugStringA
lstrcmpA
WritePrivateProfileStringA
lstrlenA
CreateThread
ReadProcessMemory
SleepEx
VirtualAllocEx
CreateProcessA
lstrcatA
lstrcpyA
SuspendThread
Sleep
ResumeThread
MultiByteToWideChar
GetLastError
CreateFileA
GetTickCount
WriteProcessMemory
OpenProcess
UnmapViewOfFile
FreeLibrary
GetCurrentProcessId
MapViewOfFile
CreateFileMappingA
ExitProcess
GetProcAddress
LoadLibraryA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
QueryPerformanceFrequency
Module32Next
Module32First
CreateToolhelp32Snapshot
CloseHandle
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
SetPriorityClass
InitializeCriticalSection
LCMapStringA
DeleteCriticalSection
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

PostThreadMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
CharUpperA
GetLastActivePopup
RegisterClipboardFormatA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
ReleaseDC
GetDC
CopyRect
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
EnableWindow
GetSysColorBrush
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
PostQuitMessage
GetWindowRect
SetParent
GetParent
ShowWindow
PtInRect
PostMessageA
KillTimer
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
SetTimer
SendMessageA
AppendMenuA
GetSystemMenu
LoadIconA
MessageBoxA
UnregisterClassA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
ReleaseCapture
LoadCursorA
SetCapture
WindowFromPoint
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
GetDlgItemTextA
GetWindowThreadProcessId
RegisterWindowMessageA
GetCapture

gdi32

SetMapMode
DeleteObject
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
GetStockObject
GetBkColor
GetTextColor
GetRgnBox
GetMapMode
RestoreDC
SaveDC
GetDeviceCaps
ExtTextOutA
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
CreateFontA
CreateRectRgnIndirect

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegSetValueExA
OpenProcessToken
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueA

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameA
PathRemoveFileSpecW
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CoGetClassObject
CoInitializeEx
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
StgOpenStorageOnILockBytes
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysFreeString
VariantInit
SysStringLen
SysAllocStringByteLen
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
VariantCopy
SysAllocStringLen
VariantChangeType
VariantClear

ws2_32

WSARecv
WSAGetLastError
connect
WSASend
inet_addr
WSASocketA
WSAStartup
closesocket
htons

netapi32

Netbios

dbghelp

ImageRvaToVa

Exports

Exports

��,��#A-c��r�q;SE��ҳ�_?�:��s��;IY4�j)�`��7P"��L�A5�4��vIEZ_�;U@�� t� =��ya:�d�L^Q%�( V$�Q髴�m�W灕lyM�q'c��DT�sd��ε�:��%?g*Dk|ڥ�� B��H��*��O�.��JYC!E��7R�vs��k[ZrY�8n'EJ��cF��}i��dIup��A�r�eB��4�g�mu=;��Q��8��fr��j�I3��iw�GV��]A�c��_�&Y��So:gU��¨Sp]��9��D��p� ��j;R�o��(Qםz`+��]?d�DĤ��2�n��C��)�%�*�cYԉLB4��y��t��P��>��8(>��k�@�_ �6�v��u^�AA3FMc��*�>b�1�RZ�[&�>��&�訹q��h_�#rM�2Dh5��lD��S��d8v�#��^f��EV:�̅�F:NO�م�r�<�I+�oT��ND1C�95\&зS �� r̚CM�Vk��ϋwz�ih�}��:�3�E��R��ųS!��˕�<BQ�1ϱڞ�]q��h)��-�mv(�(;��o��}��?*^�9�� A��G�k�5>Q�-�_��,�Xi)�K��s��[:F��@�P{�%_�!�#�@��]�v��an*��&m��)��W�Q{��厀][��8��̳,��,�7�d�:��Ŕ�a�;�h��$��n[;�bX��S<*ZC;hF�`��M��P�&�d��6��Y��.�8��k2S��j��\-�b�_��s��'P�rE�ff��JHx��,ߴ�%��;�W��e"�� UG��p�V)�Mw�O��-}J�:侱�l�2c��7(�C�gc��y��k��5.%�v?;c��O�y�s��z��`%\�!q��󡺸�� g�9��"$�l��'�W'��tU� {��%ۓӎ�Od�W#��o��;4�m�^�� >�R�_<�+�{��w@0�T@�j��Y�H��*=��%��}Y��$#ނ�$~N�2h�e]#� {�Y:��Z�\Q_��i�]��3��a�;6��U[a252�K��3��B �o'��B�T�\+��;��8t�� y��L�_x��"&ϲ�׿�{%��i"��I>�Ρ� �8Z]��{9 ��$Ε�q,�f�ٜк��:��\��_/5FO+�MN��T�4�8I9,��A�6�f�uHu>��ϞKyLͧ>m?Ab6+��Fr��eF�l�t�C��0qwR��N�j`��ZV?J��!Ÿ��o(��t��V��l��1��Q��O�[�'��j�#V�*�t#c�6{�8& Jb��}��F�ص�_�u��^��>R�g)��U��y��` ��4�8#�l��̙s=�4��_��=��t�=?�{�z�R޴<�b�m?`xf?[��Ej��B�p��I5��\x�:C�ɏPWT�ч�l��2/��;��$~��iF�&�[6<��X3KYr�N�D��{e?�C=��1hE7;�<��߬�[�M�S�Wp��1z/G �[Qt��GB�M�=�TE��q�� ^��l��X�c��.��^7�-<�3/ �hFW��32�`|�*B�)ڵ��x�s��?��H�=B��5�� (�&�<��?��5�>��]U�á��}��{��|��%�$�RSI��=��C�=��H^u�=�?2O|�l��G�r~w�͚0�cD��&i��|,[�ua��x�o)v1W T�q/��V�.�%~hRvV+��#�S��F1��x��7$�s�|��8��z�͡y�x�K]לKy�U��CEf��o �9�r�:��:� �d�H�]I=�8�� +� ��T䁮Y��f�2�ѹ��;�s&-��mj� U+c�� 5r�鶕��q�J~�s`��K7�`��Q��?��a�Dt?f܀�olܩB��J��_R�Llt�}�\G�jJ�8D$՗�҃��42t�8y�+�D��J@c'qm��腁Pa�7�K��Z��Lbq�`��m��T��丩}I�y�a�<U'�\�?��kV��Z��"��g)\%)m�0��g)��-�@L��T��2�oS/��K+F��7��z�I3��h�]�Y�}r)e`z��:��l�L�"t�Z��J�5��J��M�r��vU��@8CC�VF?��F�NQ�MQ4�더��A��үn��ޒ7�|y��F�#��a/��'�g��9w��M2�>�p�zݍ�:1-xM)� ��T��xt`[U[i�0Z�T��^�4/�h�qʊ��]�_�4\��)Fe�q5��̌<�i��/�-�i>�2�bg@`O�|j� �뚤(PK�� G�H�EhHA/�^a�^d��q��~��F��v�p��^��on�J�L��M��,| ��7�H)�+��_�v�)a�=��Dq/�T��kz�=�ft|*P9=@E�T��I��J� �!�� t(�3�D+��+W��_1b٪w�C�i�,�U��;��ƞ��I� P�E��<��$ho�z�Pw�ԮN<,�+6YO�5��x_�F㻽��^��3 AJx��9�Ҡ��&S�I��N�y G�t�B@c��G3�� <��?��-�s&��Ѳ� %��1Ļ<�w��ep��JU��r�qWV��}� ��+�{��DS��5R�R��H��D+pp7�SrC�#28�>��$mH�|�6Z��%tŀ+R��?(�h7��E��jR"

Sections

.text
Size: - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 381KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 641KB - Virtual size: 640KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

265e7c6982658101461e221b9686fb01

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

netapi32

dbghelp

Exports

Exports

Sections

.text Size: - Virtual size: 247KB

.rdata Size: - Virtual size: 61KB

.data Size: - Virtual size: 28KB

.rsrc Size: 26KB - Virtual size: 39KB

.vmp0 Size: - Virtual size: 36KB

.vmp1 Size: - Virtual size: 381KB

.tls Size: 512B - Virtual size: 24B

.vmp2 Size: 641KB - Virtual size: 640KB

.reloc Size: 512B - Virtual size: 192B

.text
Size: - Virtual size: 247KB

.rdata
Size: - Virtual size: 61KB

.data
Size: - Virtual size: 28KB

.rsrc
Size: 26KB - Virtual size: 39KB

.vmp0
Size: - Virtual size: 36KB

.vmp1
Size: - Virtual size: 381KB

.tls
Size: 512B - Virtual size: 24B

.vmp2
Size: 641KB - Virtual size: 640KB

.reloc
Size: 512B - Virtual size: 192B